You are here: The Open Group > Architecting to the Edge™ > Proceedings > Report

Messaging Forum

Objective of Meeting

The objectives of the April 2006 meeting of the Messaging Forum were two-fold:

  • Initiate the S/MIME Secure Messaging Certification
  • Workshops to progress Forum work areas


S/MIME Secure Messaging Certification

On Monday April 24, The Open Group launched the S/MIME Secure Messaging Certification program to identify organizations and individuals who are able to support the deployment of secure email systems. The program will speed up the deployment of standards-based email encryption systems, and enable enterprises to meet the increasing stringent regulatory requirements for privacy of email. To date, enterprises leading the deployment of secure email have been hampered by the lack of ability of their business partners to deploy interoperable systems and the difficulty in identification of professional service companies and individuals that are able to provide support.

Certification is based on the S/MIME Secure Messaging Architecture, published by The Open Group Messaging Forum, which sets out a flexible, standards-based architectural approach to secure email, that ensures interoperability.

Allen Brown, President and CEO of The Open Group, presented certificates to the first certified services providers and practitioners:

  • S/MIME Secure Messaging SERVICES: for companies who have skilled practitioners who are able to deploy secure email systems:
    • The Boeing Company
    • Noventum Consulting GmbH
    • Research Environment for Global Information Society, REGIS
    • The Open Group Messaging Forum 
  • S/MIME Secure Messaging CERTIFIED: for individuals who have the appropriate knowledge and understanding:
    • Stephan Wappler, Noventum Consulting GmbH
    • Masao Shibutami, Asahi Techneion Co.
    • Akiharu Shitama, Asahi Techneion Co. 
  • S/MIME Secure Messaging TRAINING: for in-depth training courses that address all of the topics necessary to understand how to deploy secure email systems:
    • Noventum Consulting GmbH

Quotes about the importance of the program were:

  • Allen Brown: "This is an important certification program that addresses a major industry need. It is especially gratifying to see industry partners working together to develop this certification program.  Members of The Open Group Messaging Forum can be proud of their achievements." 
  • Brad Wright, Manager, Enterprise Messaging Services from Boeing: "This addresses a key objective for the Boeing Company. It will enable us to meet our targets for deployment of secure email with our major business partners." 
  • Uwe Rotermund, CEO of Noventum Consulting: "Noventum is proud to lead this important activity in Europe. Secure Messaging is strategic for our company and its clients." 
  • Jack Fujieda, President and CEO of ReGIS, Inc.: "Japan has traditionally been a follower of standards activities and certification. This time, I had the opportunity to be at the forefront of this program, which reflects the importance of security to the Automotive and Aerospace Industries in Japan."

In support of the program, Wen Fang from the Boeing Company and Stephan Wappler from Noventum AG presented a training course for individuals considering taking the examination to become S/MIME Secure Messaging CERTIFIED.

Visit The Open Group for more information about this program and to participate in the certification program. An up-to-date register of certified organizations and individuals is also available.

Working Sessions

Working sessions for members of the Messaging Forum were held to progress the work of the Forum in several areas.

CALL FOR PARTICIPATION: The Forum took a far-reaching decision regarding participation in its work programs. In future ALL members of The Open Group may participate in the working activities of the Messaging Forum, not only those members who have selected Messaging as their Forum of choice. A formal call for participation will be issued shortly. Meanwhile, any member of The Open Group interested in participation in any of the following programs should contact Mike Lambert, the Forum Director, by email.

Secure Mail Gateway Strategy

The objective of this working session was to establish a strategic direction for the future of the S/MIME Gateway Certification program (launched in July 2004).

Topics addressed during the meeting included:

  • Experience with SMGv1: Members of MHDC have expressed satisfaction with the program. Tufts Healthcare and Commonwealth of Massachusetts are "happy users". Vendors of conformant products are disappointed with the market take-up and report that the volume of mail encrypted at the gateway using the SMGv1 profile represents a small proportion of the total mails sent. 
  • Role of Proxy Solutions: Particularly in Europe, the use of systems which manage individual user certificates at the domain gateway is growing. 
  • Role of TLS: Network-level security (using TLS between gateways) is increasingly used for email encryption. There remain reservations about the extent to which it provides the absolute control of encryption necessary for regulatory compliance. 
  • Growth in PGP: All vendors represented at the meeting include support for PGP encryption. This is not currently based on any open standard. PGP Corporation expressed a desire to establish an Open-PGP standard. 
  • Microsoft Plans: At a special briefing alongside a recent E-Mail Authentication Summit, Microsoft revealed plans to incorporate gateway-level security (encryption/signatures) at the domain gateway, using keys stored in DNS, in the upcoming release of Exchange. Exchange 12. This will use an XML-based format for mail messages to improve the level of security (by encrypting mail headers). Those present agreed that this potentially represents an exciting route forward, which could address a lot of known restrictions associated with the Internet mail system. However, this will only work if the specifications are available openly to ensure broad support by MTA vendors. More information about the approach proposed is needed. 
  • Strategy: It was agreed that the focus of the program should be extended and should embrace different modes of operation typically supported by outgoing mail gateways. It should support:
    • S/MIME, PGP, and potentially the new Microsoft XML mechanisms
    • Both gateway and desktop operation at the recipient
    • Domain signatures

Federated Free/Busy

The objective of this working session, jointly promoted by the Calendaring & Scheduling Consortium, was to decide how to address the business problem defined in the Federated Free/Busy scenario.

Topics addressed during the meeting included:

  • Confirmation of Problem: Participants confirmed their understanding of the problem and how it can be constrained to enable a solution to be developed in the required timescale. 
  • Review of Status of CalDAV: The CalDAV scheduling specifications will not be completed in the required timescale. Product vendors present at the meeting agreed that it would be possible to implement a subset of the protocol to provide the free/busy information needed to meet the requirement. 
  • Architecture: An output of the workshop was an architecture document showing the components needed to address the requirement. Task to be competed include:
    • Provision of API/protocol to retrieve free/busy information from server-based calendaring systems
    • Selection of a User Interface to display the results of a free/busy query (candidates include the clients within Outlook and Lotus)
    • Develop "connectors" to link clients/servers 
  • Strategy: It was agreed that The Open Group and the Calendaring and Scheduling Consortium will continue to work together on Federated Free/Busy. Two vendors agree to demonstrate interoperability of free/busy information at the next Calconnect meeting in May 2006.

Manager's Guide to Message Retention

The objective of this working session was to develop a proposal for a new work item to develop a Manager's Guide to Message Retention. 

  • Background: EMA produced the Message Retention Toolkit around 10 years ago. The content is now out-of-date. Organizations need guidance on how to ensure that their messaging systems are compliant with recent regulation. 
  • Proposed project: Develop a Manager's Guide to Message Retention to: “provide guidance to enterprises in establishing message retention and associated policies that balances requirements for regulatory compliance, litigation support, with the resources needed within the enterprise to manage the messaging system.” 
  • Scope: While there is a need for broad guidance in all areas of messaging policy, it was agreed that the focus of this project should be Email Message Retention, but must include the implications of local copies of emails on any retention policy.


  • Press release announcing the launch of the S/MIME Secure Messaging Certification program, with eight certified organizations/individuals at launch
  • Open Cannes award jointly to the Messaging and Security Forums for the development of the Certificate Policy Assurance project
  • Agreed plan for a revised Secure Messaging Gateway program
  • Architecture and plan to address Federated Free/Busy
  • Agreement to proceed with a project to develop a Manager's Guide to Message Retention

Next Steps

Secure Messaging Gateway

  • Develop a business scenario to confirm the user requirement
  • Invite Microsoft to provide additional information about plans for Exchange 12
  • Establish plans for the development of an Open-PGP specification
  • Define the scope for the Secure Messaging Gateway program

Federated Free/Busy

  • Demonstration of CalDAV free/busy lookup at next meeting of the Calendaring and Scheduling Consortium
  • Boeing to consider open sourcing existing "connector" to MS Outlook
  • Develop web-based front-end for demonstration at July Forum meeting

Certificate Policy Assurance

  • Continued teleconferences to complete the first draft of the architecture document
  • Extend visibility of project via conference participation

Message Retention

  • Develop and agree skeleton contents list for new Manager's Guide
  • Issue call for participation
  • Teleconference at end of May to review proposed Contents List

S/MIME Secure Messaging Certification

  • Plan extended roll-out of program
  • Additional training courses

The Message

  • Target: next edition in May 2006; focus on the active projects within the Forum


See above.

   |   Legal Notices & Terms of Use   |   Privacy Statement   |   Top of Page   Return to Top of Page